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IN THE CLAIMS 
Please amend the claims as follows: 

1 . (Currently Amended): A relay apparatus for a terminal or a server on a private 
network that does not have an address on a global network to perform communication through 
the global network, comprising: 

a WAN interface unit which provides communication with the global network; 

a LAN interface unit which provides communication with the private network; 

an access control unit having means for controlling access from the global network to the 
private network in accordance with an access control rule which is established on a per sending 
device basis or on a per sending network basis; 

an address translation unit including, 

means for translating an address in accordance with an address translation rule, in order 
to transfer information from a terminal on the global network to a terminal on the private 
network, and 

means for translating an address in accordance with a rule established on a per sending 
device basis, in order to transfer information from a terminal on the private network to a 
terminal on the global network; and 

a database unit which records the access control rule and the address translation rule, 
wherein 

the address translation rule associates dictates a translation using a combination of a 
sending device address on the global network and destination address of the relay apparatus on 
the global network to translate the destination address of the relay apparatus on the global 
network to with a destination addresses of the terminal or server on the private network, and 

if a combination of the sending device address and destination address included in [[of]] 
[[the]] a packet received at the WAN interface unit matches is identical to the combination of 
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the sending device address on the global network and destination address of the relay apparatus 
on the global network [[of]] included in the address translation rule, the address translation unit 
translates the destination address of the packet received at the WAN to the destination address 
of the term inal or server on the private network. 

2. (Previously Presented): The relay apparatus according to Claim 1, comprising: 

an authentication unit which performs authentication in response to a request for access 
permission sent from a terminal on the global network, wherein: 

the database unit further records user information used by the authentication unit to 
perform authentication; 

wherein the access control unit further includes, 

means for adding an access control rule established on a per sending device basis or a per 
sending network basis to the database unit if the authentication succeeds, and 

means for deleting the added access control rule from the database unit when a 
predetermined criterion for ending communication is satisfied; and 

the address translation unit further includes, 

means for adding an address translation rule which sets the terminal on the global 
network as the sending device to the database unit if the authentication succeeds, and 

means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied. 

3. (Previously Presented): The relay apparatus according to Claim 1, wherein: 
the access control unit further includes, 
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means for adding an access control rule established on a per sending device basis or on a 

per sending network basis to the database unit in response to a request from an authentication 

sever which performs authentication of a terminal on the global network, and 

means for deleting the added access control rule from the database unit when a 

predetermined criterion for ending communication is satisfied; and 
the address translation unit further includes, 

means for adding an address translation rule which sets the terminal on the global 
network as the sending device to the database unit in response to a request from the 
authentication server, and 

means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied. 

4. (Previously Presented): An authentication server which permits access to the relay 
apparatus according to Claim 3, comprising: 

an interface unit which provides communication with a terminal on the global network 
and the relay apparatus; 

an authentication unit which performs authentication in response to a request for 
permission to access the relay apparatus from a terminal on the global network; 
a control unit including, 

means for requesting the relay apparatus to add an access control rule and an address 
translation rule which sets the terminal on the global network as the sending device for a 
packet from the terminal on the global network if authentication at the authentication unit 
succeeds, and 
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means for requesting the relay apparatus to delete the added access control rule and 
address translation rule when a predetermined criterion for ending communication is satisfied; 
and 

a database unit which records information associating user information used by the 
authentication unit to perform authentication with an access control rule and address translation 
rule requested to be added. 

5. (Previously Presented): The relay apparatus according to Claim 1, wherein: 
the access control unit further includes, 

means for adding an access control rule established on a per sending device basis to the 
database unit in response to a request for initiating communication from a terminal on a private 
network, and 

means for deleting the added access control rule from the database unit when a 
predetermined criterion for ending communication is satisfied; and 
the address translation unit further includes, 

means for adding a rule established on a per sending device basis to the database unit in 
response to a request for initiating communication from a terminal on the private network, and 
means for deleting the added rule from the database unit when a predetermined criterion 
for ending communication is satisfied. 

6. (Currently Amended): An address translation apparatus for a terminal or a server on a 
private network that does not have an address on a global network to perform communication 
through the global network, comprising: 

a WAN interface unit which provides communication with the global network; 
a LAN interface unit which provides communication with the private network; 
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an address translation unit including, 

means for translating an address in accordance with an address translation rule, in order 
to transfer information from a terminal on the global network to a terminal on the private 
network, and 

means for translating an address in accordance with a rule established on a per sending 
device basis, in order to transfer information from a terminal on the private network to a 
terminal on the global network; [[and]] 

a database unit for recording the address translation rule, wherein 
the address translation rule associates dictates a translation using a combination o f a 
sending device address on the global network and destination address of the address transla tion 
apparatus on the global network to translate the destination address of the address translation 
apparatus on the global network to with a destination addresses of the terminal or server on the 
private network, and 

if a combination of the sending device address and destination address included in [[of]] 
[[the]] a packet received at the WAN interface unit matches is identical to the combination of 
the sending device address on the global network and destination address of the address 
translation apparatus on the global network [[of]] included in the address translation rule, the 
address translation unit translates the destination address of the packet received at the WAN to 
the destination address of the terminal or server on the private network. 

7. (Previously Presented): The address translation apparatus according to Claim 6, 
wherein 

the address translation unit further includes, 
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means for adding an address translation rule which sets the terminal on the global 

network as the sending device to the database unit in response to a request for initiating 

communication sent from a terminal on the global network, 

means for deleting the added address translation rule from the database unit when a 

predetermined criterion for ending communication is satisfied, 

means for adding a rule established on a per sending device basis to the database unit in 

response to a request for initiating communication sent from a terminal on the private network, 

and 

means for deleting the added rule from the database unit when a predetermined criterion 
for ending communication is satisfied. 



8. (Previously Presented): The address translation apparatus according to Claim 7, 
comprising: 

an authentication unit which performs authentication in response to a request for 
initiating communication from a terminal on the global network, wherein: 

the database unites further records user information used by the authentication unit to 
perform authentication, and 

the address translation unit adds the address translation rule which sets the terminal or 
the global network as the sending device to the database unit in response to a request for 
initiating communication from a terminal on the global network only if the authentication 
succeeds. 



9. (Previously Presented): The address translation apparatus according to Claim 7, 
wherein the address translation unit adds the address translation rule which sets the terminal 
the global network as the sending device to the database unit in response to a request for 
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initiating communication from a terminal on the global network only if an authentication 
server which performs authentication requests the addition. 

10. (Previously Presented): An authentication server which permits access to the 
address translation apparatus according to Claim 9, comprising: 

an interface unit which provides communication with a terminal on the global network 
and the address translation apparatus; 

an authentication unit which performs authentication in response to a request for 
permission to access the address translation apparatus from a terminal on the global network; 

a control unit including, 

means for requesting the address translation apparatus to add an address translation rule 
which sets the terminal on the global network as the sending device if authentication at the 
authentication unit succeeds, and 

means for requesting the address translation apparatus to delete the added address 
translation rule when a predetermined criterion for ending communication is satisfied; and 

a database unit which records user information used by the authentication unit to perform 
authentication. 

11-14. (Canceled). 

15. (Previously Presented): The relay apparatus according to Claim 1, wherein 

the access control rule and the address translation rule have a condition with the IP 
address of the sending device or the IP address of the sending network. 

16. (Previously Presented): The relay apparatus according to Claim 15, comprising: 
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an authentication unit which performs authentication in response to a request for access 

permission sent from a terminal on the global network, wherein: 

the database unit further records user information used by the authentication unit to 

perform authentication; 

the access control unit further includes, 

means for adding an access control rule established on a per sending device basis or a per 
sending network basis to the database unit if the authentication succeeds, and 

means for deleting the added access control rule from the database unit when a 
predetermined criterion for ending communication is satisfied; and 

the address translation unit further includes, 

means for adding an address translation rule which sets the terminal on the global 
network as the sending device to the database unit if the authentication succeeds, and 

means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied. 

17. (Previously Presented): The address translation apparatus according to Claim 6, 
wherein 

the address translation rule has a condition with the IP address of the sending device or 
the IP address of the sending network. 

18. (Previously Presented): The address translation apparatus according to Claim 17, 
wherein 

the address translation unit further includes, 
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means for adding an address translation rule which sets the terminal on the global 

network as the sending device to the database unit in response to a request for initiating 

communication sent from a terminal on the global network, 

means for deleting the added address translation rule from the database unit when a 

predetermined criterion for ending communication is satisfied, 

means for adding a rule established on a per sending device basis to the database unit in 

response to a request for initiating communication sent from a terminal on a private network, 

and 

means for deleting the added rule from the database unit when a predetermined criterion 
for ending communication is satisfied. 



19-20. (Canceled). 



21 . (Currently Amended): An address translation method , implemented by an address 
translation apparatus, for a terminal or server on a private network that does not have an 
address on a global network to perform communication through the global network , 
comprising: 

recording an address translation rule associating dictating a translation using a 
combination of a sending device address on the global network and destination address of the 
address translation apparatus on the global network to translate the destination address of the 
address translation apparatus on the global network to with a destination address of the 
tgmunal or server on the private network in a database unit b ef orehand ; 

when- receiving s packet from the global network in rocoivoH by a WAN interface unit, 
o f the address translation apparatus , a packet from the global network: 



10 



Application No. 10/558,629 

Reply to Office Action of March 17, 2010 and Advisory Action dated May 28, 2010 

tran s lating, by an addre s s translation unit, a destination of the packet to the d e stination on 
the private network, if the sending device and destination of the packet received at the WAN 
interface unit match e s the s e nding devic e and destination on the global network of th e addr es s 
translat i on rule, and 

if a combination of the sen ding device address and destination address included in the 
packet received at the WAN inte rface unit is identical to the combination of the sending device 
address on the global network and destination address of the address translation apparatus on 
the glo bal network included in the address translation rule, translating, at the address 
trans lation apparatus, the destination address of the packet received at the WAN to the 
destination address of the terminal or server on the private network; and 

transferring, by a LAN interface unit, the packet having the translated address to the 
private network; 

when a packet from the private network is received by [[a]] the LAN interface unit, 

translating, by the address translation unit, a source address in accordance with 

the-arule established on a per sending device basisj[;]] and 

transferring, by the WAN interface unit, the packet having the translated address 

in accordance with the rule established on the per sending device basis to the global 

network. 

22. (Currently Amended): An address translation method , implemented by an address 
translation apparatus, for a terminal or server on a private network that does not have an 
address on a global network to p e rform communication through the global n e twork , 
comprising: 

recording an address translation rule associating dictating a translation using a 
combination of a sending device address on the global network and destination address of the 
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address translation apparatus on the global network to translate the destination address of the 
address translation apparatus on the global network to wkh a destination address of the 
terminal or server on the private network in a database unit beforehand ; 

receiving a packet at the address translation apparatus; 

performing authentication in an authentication unit, 

if the authentication succeeds, checking, by the address translation unk apparatus , the 
database unit to see whether or not [[an]] the address translation rule whose combination of the 
sending device address on the global network and the destination address of the address 
translation apparatus on the global network matches that is identical to a combination of a 
sending device address and destination address \\of\] included in the packet is stor e d in the 
database unit received by the address translation apparatus , 

if a matching the address translation rule [[is]] found in the database unit includes a 
combination of the sending device address on the global network and the destination address of 
the address translation apparatus on the global network is identical to the combination of the 
sending device address and the destination address included in the packet received by the 
address translation apparatus , translating the destination address included in [[of|] the packet to 
the destination address of the terminal or server on the private network in accordance with the 
address translation rule, and 

if a matching address the translation rule is not found in the database unit does not 
include a combination of the sending device address on the global network and the destination 
address of the address translation apparatus on the gl obal network that is identical to the 
combination of the sending device address and the destination address included in the packet 
received by the address translation apparatus , adding [[an]] a new address translation rule to 
the database unit and translating the destination address included in [[of]] the packet to the 
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destination address of the terminal or server on the private network in accordance with the 
added- new address translation rule; and 

transferring, by a LAN interface unit, the packet having the translated address to the 
private network; 

when a packet from the private network is received by the LAN interface unit, 

checking, by the address translation umtapparatus. the database unit to see 
whether or not an address translation rule whose destination address on the private 
network matches the sending device address of the packet received from the private 
network is stored in the database unit, and 

if a matching address translation rule for the packet received from the private 
network is found in the database unit, translating the sending device address of the packet 
received from the private network to an address on the global network of the WAN 
interface in accordanc e! with tho address translation rul e, 

if a matching address translation rule for the packet received from the private 
network is not found in the database unit, adding [[an]] another address translation rule to 
the database unit and translating the sending device address of the packet recei ved from 
the private network to an address on the global network of the WAN interface in 
accordance with the added- another address translation rule a [[;]] 

transferring by the WAN interface unit the packet received from the private 
network having the translated address to the global network^;]] and 

if there is an address translation rule added by the address translation unit to the 
database unit , deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied. 
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23. (Original): The address translation method according to Claim 22, wherein, 
instead of performing authentication in the authentication unit, determination is made that 
authentication is successful when a request is received from an authentication server which 
performs authentication of a terminal on the global network. 

24-28. (Canceled) 

29. (Currently Amended): An address translation apparatus for a terminal or a server on 
a private network that does not have an address on a global network to perform communication 
through the global network, comprising: 

a WAN interface unit which provides communication with the global network; 
a LAN interface unit which provides communication with the private network; 
an address translation unit which translates an address in accordance with an address 
translation rule, in order to transfer information from a terminal on the global network to a 
terminal on the private network, and which translates an address in accordance with a rule 
established on a per sending device basis, in order to transfer information from a terminal on 
the private network to a terminal on the global network; [[and]] 

a database unit which records the address translation rule and the rule, wherein 
the address translation rule associat e s dictates a translation using a combination of a 
sending device address on the global network and destination address of the address translation 
apparatus on the global network to translate the destination address of the address translation 
ap p aratus on the global network to with a destination addresses of the terminal or server on the 
private network, and 

if a combination of the sending device address and destination address included i n [[of]] 
[[the]] a packet received at the WAN interface unit matehes- is identical to the combination of 
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the sending device address on the global network and destination address of the address 
translation apparatus on the global network [[of]] included in the address translation rule, the 
address translation unit translates the destination address of the packet received at the WAN to 
the destination address of the terminal or server on the private network. 

Claim 30 (New). The relay apparatus of claim 1, wherein the sending device address on 
the global network, the destination address of the relay apparatus on the global network, and 
the destination address of the terminal or server on the private network are each expressed as 
an IP address. 

Claim 31 (New). The relay apparatus of claim 6, wherein the sending device address on 
the global network, the destination address of the address translation apparatus on the global 
network, and the destination address of the terminal or server on the private network are each 
expressed as an IP address. 

Claim 32 (New). The method of claim 21, wherein the sending device address on the 
global network, the destination address of the address translation apparatus on the global 
network, and the destination address of the terminal or server on the private network are each 
expressed as an IP address. 

Claim 33 (New). The method of claim 22, wherein the sending device address on the 
global network, the destination address of the address translation apparatus on the global 
network, and the destination address of the terminal or server on the private network are each 
expressed as an IP address. 
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Claim 34 (New). The relay apparatus of claim 29, wherein the sending device address on 
the global network, the destination address of the address translation apparatus on the global 
network, and the destination address of the terminal or server on the private network are each 
expressed as an IP address. 
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